1. Field of the Invention
Illustrative embodiments of the present invention relate to a machine in which software and a device-encryption key are installed, an apparatus, system, and method for managing the software and the device-encryption key installed in the machine, and a recording medium including instructions for causing the apparatus to execute the method.
2. Description of the Background
Conventionally, hash values are used to detect unauthorized modification of software installed in a computer. When software is installed in a computer, a first hash value for the software is calculated and stored on a secondary storage device of the computer. Further, at start-up, the computer calculates a second hash value for the software when loading it, compares the second hash value with the first hash value stored on the secondary storage device, and determines whether unauthorized modification has been performed on the software based on results of the comparison.
In such a conventional detection method, however, if unauthorized modification is performed on both the software and the first hash value stored on the secondary storage device, the computer cannot detect the unauthorized modification.
It is conceivable that encrypting the first hash value stored on the secondary storage device may circumvent this problem of failing to detect unauthorized modification of the software. However, since an encryption/decryption key for encrypting and decrypting the hash value is stored on the secondary storage device as well, an unauthorized user can obtain the decryption key to decrypt the encrypted hash value.
Hence, a conventional method proposes detecting unauthorized modification of firmware using a trusted platform module (TPM). A TPM is a security chip that conforms to standards defined by TCG (trusted computing group), an industry standard-setting organization, and includes a non-volatile memory storing an asymmetrical key pair consisting of an unextractable secret key and an extractable public key and a micro-processor for encryption processing, which are installed, for example, on a mother board of a MFP (multi-functional peripheral).
In the conventional method, an encryption key (hereinafter “key BLOB (binary large object)”) encrypted with the public key of the asymmetrical key pair is stored on a secondary storage device, such as the non-volatile memory, of the MFP. When firmware is installed in the MFP before shipment, a hash value is calculated. When the encryption key is decrypted from the key BLOB using the TPM, the hash value is encrypted with the decrypted encryption key and stored on an external secondary storage device, such as an SD (secure digital) memory card. In setting up the MFP, the key BLOB loaded from the internal secondary storage device is decrypted using the TPM, and the encrypted hash value loaded from the external secondary storage device is decrypted with the encryption key decrypted from the key BLOB. The decrypted hash value is compared with a hash value re-calculated from the firmware. As a result, if the decrypted hash value matches the re-calculated hash value, the MFP determines that no unauthorized modification has been performed. By contrast, if the decrypted hash value differs from the re-calculated hash value, the MFP determines that unauthorized modification has been performed. Thus, the conventional method detects unauthorized modification of the firmware during delivery of the MFP.
However, in the conventional method, since the detection of unauthorized modification is performed within the MFP, when unauthorized modification is performed on, for example, software for determining a comparison result, the MFP cannot detect unauthorized modification of the firmware.
In another example, to prevent tapping of internally-stored data, information stored on a storage device, such as a hard disk drive (HDD), of a machine may be encrypted. Alternatively, it is conceivable that a device-encryption key for encrypting data stored on a storage device of a machine is encrypted with a public key of an asymmetrical key pair of a TPM to create a key BLOB, which is stored on a non-volatile memory of the machine.
However, when a board mounting the TPM malfunctions, the machine cannot decrypt the device-encryption key. Consequently, even when a storage device, such as an HDD, of the machine is operating normally, the encrypted data stored on the storage device cannot be accessed.
Alternatively, the above-described problem might be prevented if a user can store or back up the key BLOB in some way. In such a case, however, from the viewpoint of security, a user needs to back up a device-encryption key whenever changing it. Such a configuration poses much trouble to users and additionally, depending on the management method, may actually increase the risk of a security breach in the form of leaks of information about the device-encryption key.